Gvectors Wpforo Forum

20 matches found

added 2019/06/19 6:15 p.m. | 99 views

CVE-2018-16613

An issue was discovered in the update function in the wpForo Forum plugin before 1.5.2 for WordPress. A registered forum is able to escalate privilege to the forum administrator without any form of user interaction.

CVSS 9.8 | AI score 9.5 | EPSS 0.0153

added 2023/06/09 6:16 a.m. | 74 views

CVE-2023-2249

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. This is due to the insecure use of file_get_contents without appropriate verification of the data being supplied to the function....

CVSS 8.8 | AI score 9 | EPSS 0.44721

added 2023/11/30 5:15 p.m. | 65 views

CVE-2023-47872

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gVectors Team wpForo Forum allows Stored XSS. This issue affects wpForo Forum: from n/a through 2.2.3.

CVSS 6.5 | AI score 6 | EPSS 0.00181

added 2021/07/06 11:15 a.m. | 62 views

CVE-2021-24406

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control a...

CVSS 6.1 | AI score 6.2 | EPSS 0.08523

added 2022/11/08 7:15 p.m. | 61 views

CVE-2022-40205

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin

CVSS 5.4 | AI score 4.7 | EPSS 0.0006

added 2022/11/08 7:15 p.m. | 59 views

CVE-2022-40206

Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin

CVSS 6.3 | AI score 4.8 | EPSS 0.00074

added 2022/11/08 7:15 p.m. | 54 views

CVE-2022-40632

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin

CVSS 5.4 | AI score 5.5 | EPSS 0.00055

added 2018/06/04 1:29 p.m. | 53 views

CVE-2018-11709

wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI.

CVSS 6.1 | AI score 6 | EPSS 0.06788

added 2025/02/28 7:15 a.m. | 53 views

CVE-2025-0764

The wpForo Forum plugin for WordPress is vulnerable to arbitrary file read due to insufficient input validation in the 'update' method of the 'Members' class in all versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with subscriber-level privileges or higher, ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00069

added 2023/07/24 11:15 a.m. | 49 views

CVE-2023-2309

The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.

CVSS 6.1 | AI score 6.1 | EPSS 0.0612

added 2024/12/09 1:15 p.m. | 49 views

CVE-2023-47869

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection. This issue affects wpForo Forum: from n/a through 2.2.5.

CVSS 5.4 | AI score 4.8 | EPSS 0.00057

added 2022/11/17 11:15 p.m. | 48 views

CVE-2022-40200

Auth. (subscriber+) Arbitrary File Upload vulnerability in wpForo Forum plugin

CVSS 9.9 | AI score 8.7 | EPSS 0.00343

added 2022/09/09 3:15 p.m. | 46 views

CVE-2022-38144

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin

CVSS 8.8 | AI score 8.9 | EPSS 0.00199

added 2024/05/17 9:15 a.m. | 44 views

CVE-2023-47868

Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: from n/a through 2.2.3.

CVSS 9.8 | AI score 6.9 | EPSS 0.00251

added 2024/08/26 4:15 p.m. | 44 views

CVE-2024-43289

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in gVectors Team wpForo Forum. This issue affects wpForo Forum: from n/a through 2.3.4.

CVSS 7.5 | AI score 7.5 | EPSS 0.00626

added 2022/11/17 11:15 p.m. | 43 views

CVE-2022-40192

Cross-Site Request Forgery (CSRF) vulnerability in wpForo Forum plugin

CVSS 8.8 | AI score 8 | EPSS 0.00129

added 2024/08/18 10:15 p.m. | 40 views

CVE-2024-43288

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum. This issue affects wpForo Forum: from n/a through 2.3.4.

CVSS 8.1 | AI score 4.7 | EPSS 0.00163

added 2024/06/21 4:15 p.m. | 37 views

CVE-2022-38055

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing. This issue affects wpForo Forum: from n/a through 2.0.9.

CVSS 5.4 | AI score 4.7 | EPSS 0.00147

added 2023/11/30 6:15 p.m. | 30 views

CVE-2023-47870

Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out. This issue affects wpForo Forum: from n/a through 2.2.6.

CVSS 8.8 | AI score 7.8 | EPSS 0.00134

added 2024/06/01 9:15 a.m. | 27 views

CVE-2024-3200

The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

CVSS 9.9 | AI score 9.5 | EPSS 0.00759